Execute qualquer Skill no Manus
com um clique

Execute qualquer Skill no Manus com um clique

Começar

compliance-security-standards

Estrelas2

Forks1

Atualizado5 de abril de 2026 às 22:51

Compliance frameworks (SOC2, HIPAA, GDPR, PCI DSS) with control mappings and implementation guidance

Instalação

Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.

Executar no Manus

Fonte

navraj007in

navraj007in/architecture-cowork-plugin

Abrir repositório GitHub Ver repositórios do creator

Download

Executar no Manus

Ocupações relacionadasSOC

Baseado na classificação ocupacional SOC

AdvogadosOcupações Jurídicas·SOC 23-1011

SKILL.md

readonly

Mais deste repositório

mesmo repositório

deep-research

navraj007in/architecture-cowork-plugin

Structured web research methodology for market analysis, competitor research, and technology evaluation. Ensures research uses live web data with source citations and confidence tags.

2026-04-262

diagram-patterns

navraj007in/architecture-cowork-plugin

Mermaid diagram templates for solution architecture, service communication, C4 Context/Container, data flow, agent flow, deployment, and sequence diagrams. Use when generating architecture diagrams.

2026-04-132

sdl-knowledge

navraj007in/architecture-cowork-plugin

Solution Design Language (SDL) specification — schema, validation, normalization, and generation rules

2026-04-112

architecture-methodology

navraj007in/architecture-cowork-plugin

Core methodology for analysing requirements, building system manifests, and generating architecture deliverables. Use when planning or designing any software architecture.

2026-04-052

export-diagrams

navraj007in/architecture-cowork-plugin

Extract and render all Mermaid diagrams from architecture blueprints to PNG images. Creates a diagrams/ folder with high-quality images ready for presentations and documentation.

2026-04-052

export-docx

navraj007in/architecture-cowork-plugin

Convert architecture documents (blueprints, stakeholder presentations) from Markdown to professionally formatted Word (.docx) files. Applies corporate styling, embeds PNG diagrams, and creates presentation-ready documents.

2026-04-052

name	Compliance & Security Standards
description	Compliance frameworks (SOC2, HIPAA, GDPR, PCI DSS) with control mappings and implementation guidance

Framework	Industry	Focus	Audit Frequency	Scope
SOC2 Type II	Cloud/SaaS	Security, availability, confidentiality, integrity, privacy	Annual + 6 months snapshot	All services
HIPAA	Healthcare	Protected Health Information (PHI) protection	Triennial + event-driven	All systems handling PHI
GDPR	EU/International	Personal Data protection and rights	Ongoing (data subject requests)	EU users + data
PCI DSS	Payment	Payment Card Industry data	Annual + quarterly scans	Systems handling card data

Control	Implementation	Code Pattern
CC6.1 Infrastructure monitoring	Prometheus metrics on all services	`GET /metrics` endpoint emits errors, latency, resource usage
CC6.2 Deployment access control	GitHub branch protection + required code review	Enforce 2 approvals before merge to main
CC6.3 Change management	All changes logged with who, when, what	Git commit history + CI/CD logs
CC6.4 Backup & recovery	Automated daily backups with RTO/RPO	`pg_dump` schedule + S3 replication
CC7.2 Encryption at rest	Database encryption (AWS KMS, PostgreSQL pgcrypto)	`CREATE EXTENSION pgcrypto;` + field-level encryption
CC7.3 Encryption in transit	TLS 1.2+ for all network traffic	`https://` only, no cleartext HTTP
CC7.4 Cryptographic key management	Key rotation, secure storage	AWS Secrets Manager or HashiCorp Vault

Control	Implementation	Code Pattern
A1.1 Availability SLOs	99.5% uptime target	Monitor error budget daily
A1.2 Incident response	Documented runbooks, on-call escalation	Slack automation + PagerDuty
A2.1 Capacity planning	Monitor and right-size resources	Auto-scaling rules based on CPU/memory

Control	Implementation	Code Pattern
C1.1 Data classification	Tag all data fields with sensitivity (public/internal/confidential)	Schema comments: `-- @sensitive: true`
C1.2 Access controls	Role-based access (RBAC) with least privilege	Middleware: `@RequireRole('admin')`
C1.3 Audit logging	Log all data access	`SELECT * FROM users` logs: who, when, what

Control	Implementation	Code Pattern
I1.1 Data validation	Input validation on all boundaries	Zod/FluentValidation schemas
I2.1 Change detection	Checksums and signatures for critical data	Hash on INSERT/UPDATE, verify on SELECT

Safeguard	Implementation
Access Controls	User authentication (MFA), authorization (RBAC), PHI field-level encryption
Audit Controls	Immutable audit log: who accessed which PHI, when, from where
Integrity Controls	Data checksums, tamper detection, digital signatures for PHI
Transmission Security	TLS 1.2+ for all PHI transmission; VPN for remote access

Right	Implementation	Timeline
Right to Access	`/api/users/{id}/export` endpoint returns all user data in machine-readable format	30 days
Right to Rectification	`/api/users/{id}/data` PUT endpoint allows user to correct their data	Immediate
Right to Erasure ("Right to be Forgotten")	`/api/users/{id}` DELETE removes all personal data (GDPR Article 17)	30 days
Right to Restrict Processing	User can request their data not be processed (e.g., marketing emails)	Immediate
Right to Data Portability	Export in standard format (JSON, CSV) for migration to another service	30 days
Right to Object	Opt out of profiling, automated decision-making	Immediate

Control	Implementation
No card storage	All card data goes directly to Stripe; you store only token
No PAN (Primary Account Number) in logs	Never log or error-message card numbers
TLS for all card transmissions	HTTPS only; no cleartext HTTP
Access control	Only backend can request card tokens; frontend never sees raw data

Status	Definition	Action
Implemented	Control is coded, tested, documented	✅ Ready for audit
Partial	Control exists but has gaps (e.g., encryption on some fields, not all)	⚠️ Remediate gaps
Missing	Control not implemented	🔴 Must implement before audit
Not Applicable	Control doesn't apply to your product	ℹ️ Document why (e.g., no payment processing → PCI not applicable)

compliance-security-standards

Mais deste repositório

Mais deste repositório

Compliance & Security Standards Skill

Overview

Framework Mapping

SOC2 Type II

Security (CC — Common Criteria)

Availability (A — Availability and Resilience)

Confidentiality (C — Confidentiality)

Integrity (I — Integrity)

HIPAA (Health Insurance Portability and Accountability Act)

Key Definitions

Technical Safeguards (Required)

Code-Level Implementation

GDPR (General Data Protection Regulation)

Key Principles

Data Rights (User-Facing Features)

Code Implementation

PCI DSS (Payment Card Industry Data Security Standard)

Scope Reduction Strategy

Minimal Implementation (Scope Reduced)

Code Pattern

What NOT to Do (PCI Violations)

Compliance Audit Checklist

Pre-Audit Preparation

Evidence Collection

Multi-Framework Compliance

HIPAA + GDPR

SOC2 + PCI DSS

Compliance Scoring

Control Assessment Matrix

Gap Scoring

Compliance & Security Standards Skill

Overview

Framework Mapping

SOC2 Type II

Security (CC — Common Criteria)

Availability (A — Availability and Resilience)

Confidentiality (C — Confidentiality)

Integrity (I — Integrity)

HIPAA (Health Insurance Portability and Accountability Act)

Key Definitions

Technical Safeguards (Required)

Code-Level Implementation

GDPR (General Data Protection Regulation)

Key Principles

Data Rights (User-Facing Features)

Code Implementation

PCI DSS (Payment Card Industry Data Security Standard)

Scope Reduction Strategy

Minimal Implementation (Scope Reduced)

Code Pattern

What NOT to Do (PCI Violations)

Compliance Audit Checklist

Pre-Audit Preparation

Evidence Collection

Multi-Framework Compliance

HIPAA + GDPR

SOC2 + PCI DSS

Compliance Scoring

Control Assessment Matrix

Gap Scoring